authorPer Larsson <[email protected]>2022-11-14 09:44:02 +0100
committerGitHub <[email protected]>2022-11-14 09:44:02 +0100
commit4f1b2bf3100b1e054fd0caa49eae5d0b8dff3131 (patch)
tree65dae0a5c9b270aa80e9a02129d28d0bc673220b
parentInclude zen cmd in release (#188) (diff)
Configure OpenID providers from cmd line and Lua cfg. (#189)
-rw-r--r--zenserver/auth/authmgr.cpp7
-rw-r--r--zenserver/auth/authservice.cpp12
-rw-r--r--zenserver/config.cpp42
-rw-r--r--zenserver/config.h13
-rw-r--r--zenserver/zenserver.cpp7
5 files changed, 75 insertions, 6 deletions
diff --git a/zenserver/auth/authmgr.cpp b/zenserver/auth/authmgr.cpp
index 95ce32bc7..4cd6b3362 100644
--- a/zenserver/auth/authmgr.cpp
+++ b/zenserver/auth/authmgr.cpp
@@ -101,6 +101,13 @@ public:
{
if (OpenIdProviderExist(Params.Name))
{
+ ZEN_DEBUG("OpenID provider '{}' already exist", Params.Name);
+ return;
+ }
+
+ if (Params.Name.empty())
+ {
+ ZEN_WARN("add OpenID provider FAILED, reason 'invalid name'");
return;
}
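Review bot: The `if (Params.Name.empty())` guard is evaluated only after the OpenIdProviderExist lookup, so an empty name is first looked up and then rejected; placing the empty-name check before the lookup makes the validation order read correctly and skips the lookup entirely. Only the name is validated here, while the ParseConfigFile hunk in config.cpp defaults `url` and `clientid` to empty strings, so a provider with an empty Url or ClientId can be registered; widening the guard to `if (Params.Name.empty() || Params.Url.empty() || Params.ClientId.empty())` and naming the missing field in the warning's reason string would close that gap in one place. The enclosing function starts and ends outside the hunk.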
diff --git a/zenserver/auth/authservice.cpp b/zenserver/auth/authservice.cpp
index ac77b237f..761c087f4 100644
--- a/zenserver/auth/authservice.cpp
+++ b/zenserver/auth/authservice.cpp
@@ -43,10 +43,16 @@ HttpAuthService::HttpAuthService(AuthMgr& AuthMgr) : m_AuthMgr(AuthMgr)
return ServerRequest.WriteResponse(HttpResponseCode::BadRequest, Response.Save());
}
- const std::string IdentityToken = TokenInfo["IdentityToken"].string_value();
- const std::string RefreshToken = TokenInfo["RefreshToken"].string_value();
+ const std::string RefreshToken = TokenInfo["RefreshToken"].string_value();
+ std::string ProviderName = TokenInfo["ProviderName"].string_value();
- const bool Ok = m_AuthMgr.AddOpenIdToken(AuthMgr::AddOpenIdTokenParams{.ProviderName = "Okta"sv, .RefreshToken = RefreshToken});
+ if (ProviderName.empty())
+ {
+ ProviderName = "Default"sv;
+ }
+
+ const bool Ok =
+ m_AuthMgr.AddOpenIdToken(AuthMgr::AddOpenIdTokenParams{.ProviderName = ProviderName, .RefreshToken = RefreshToken});
if (Ok)
{
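Review bot: The fallback `ProviderName = "Default"sv;` hard-codes a literal that config.cpp spells out twice more (on the `openid-provider-name` option and as the Lua `name` fallback); a single shared constant declared next to ZenOpenIdProviderConfig in config.h would keep the three sites from drifting apart. ProviderName is taken verbatim from the request body, so when AddOpenIdToken returns false it would help diagnosis to include the requested provider name in whatever error response or log the non-`Ok` branch produces — that branch, and the rest of the handler, lie outside the hunk.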
diff --git a/zenserver/config.cpp b/zenserver/config.cpp
index 7728ae670..9531a5251 100644
--- a/zenserver/config.cpp
+++ b/zenserver/config.cpp
@@ -155,6 +155,21 @@ ParseCliOptions(int argc, char* argv[], ZenServerOptions& ServerOptions)
"128 bit AES encryption initialization vector",
cxxopts::value<std::string>(ServerOptions.EncryptionIV),
"");
+
+ std::string OpenIdProviderName;
+ options.add_option("security",
+ "",
+ "openid-provider-name",
+ "Open ID provider name",
+ cxxopts::value<std::string>(OpenIdProviderName),
+ "Default");
+
+ std::string OpenIdProviderUrl;
+ options.add_option("security", "", "openid-provider-url", "Open ID provider URL", cxxopts::value<std::string>(OpenIdProviderUrl), "");
+
+ std::string OpenIdClientId;
+ options.add_option("security", "", "openid-client-id", "Open ID client ID", cxxopts::value<std::string>(OpenIdClientId), "");
+
options
.add_option("lifetime", "", "owner-pid", "Specify owning process id", cxxopts::value<int>(ServerOptions.OwnerPid), "<identifier>");
options.add_option("lifetime",
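Review bot: `"Default"` on the `openid-provider-name` option sits in add_option's last parameter, which cxxopts treats as the argument help text (compare `"<identifier>"` on the `owner-pid` option just below), not as a default value, so OpenIdProviderName stays empty when the flag is omitted. The later hunk in ParseCliOptions then pushes `.Name = OpenIdProviderName` unconditionally and AddOpenIdProvider rejects the empty name, so `--openid-provider-url` without `--openid-provider-name` silently registers nothing. Setting the default on the value instead, `cxxopts::value<std::string>(OpenIdProviderName)->default_value("Default"),` with `"<name>"` (or `""`) as the help text, gives the intended behaviour. ParseCliOptions continues outside the hunk.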
@@ -520,6 +535,17 @@ ParseCliOptions(int argc, char* argv[], ZenServerOptions& ServerOptions)
ServerOptions.ConfigFile = MakeSafePath(ConfigFile);
ServerOptions.UpstreamCacheConfig.CachePolicy = ParseUpstreamCachePolicy(UpstreamCachePolicyOptions);
+ if (OpenIdProviderUrl.empty() == false)
+ {
+ if (OpenIdClientId.empty())
+ {
+ throw cxxopts::OptionParseException("Invalid OpenID client ID");
+ }
+
+ ServerOptions.AuthConfig.OpenIdProviders.push_back(
+ {.Name = OpenIdProviderName, .Url = OpenIdProviderUrl, .ClientId = OpenIdClientId});
+ }
+
if (!ServerOptions.ConfigFile.empty())
{
ParseConfigFile(ServerOptions.ConfigFile, ServerOptions);
@@ -811,6 +837,22 @@ ParseConfigFile(const std::filesystem::path& Path, ZenServerOptions& ServerOptio
if (sol::optional<sol::table> SecurityConfig = lua["security"])
{
+ if (sol::optional<sol::table> OpenIdProviders = SecurityConfig.value()["openidproviders"])
+ {
+ for (const auto& Kv : OpenIdProviders.value())
+ {
+ if (sol::optional<sol::table> OpenIdProvider = Kv.second.as<sol::table>())
+ {
+ std::string Name = OpenIdProvider.value().get_or("name", std::string("Default"));
+ std::string Url = OpenIdProvider.value().get_or("url", std::string());
+ std::string ClientId = OpenIdProvider.value().get_or("clientid", std::string());
+
+ ServerOptions.AuthConfig.OpenIdProviders.push_back(
+ {.Name = std::move(Name), .Url = std::move(Url), .ClientId = std::move(ClientId)});
+ }
+ }
+ }
+
ServerOptions.EncryptionKey = SecurityConfig.value().get_or("encryptionaeskey", std::string());
ServerOptions.EncryptionIV = SecurityConfig.value().get_or("encryptionaesiv", std::string());
}
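Review bot: The Lua path registers a provider even when `url` or `clientid` is absent, because `get_or("url", std::string())` and `get_or("clientid", std::string())` fall back to empty strings and nothing checks them, whereas the command-line hunk earlier in this file throws `cxxopts::OptionParseException("Invalid OpenID client ID")` for an empty client id; the two paths should agree, for example by adding `if (Url.empty() || ClientId.empty()) { ZEN_WARN("skipping OpenID provider '{}': 'url' and 'clientid' are required", Name); continue; }` before the push_back (or throwing, as the CLI path does), assuming the logging macros used in authmgr.cpp are available here. `Kv.second.as<sol::table>()` is, as far as I recall, sol2's unchecked conversion, so wrapping the result in sol::optional does not guard against a non-table entry; testing `Kv.second.is<sol::table>()` first would make the skip explicit. ParseConfigFile continues outside the hunk.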
diff --git a/zenserver/config.h b/zenserver/config.h
index c90d92d14..5dbca4c41 100644
--- a/zenserver/config.h
+++ b/zenserver/config.h
@@ -98,10 +98,23 @@ struct ZenGcConfig
uint64_t DiskReserveSize = 1ul << 28;
};
+struct ZenOpenIdProviderConfig
+{
+ std::string Name;
+ std::string Url;
+ std::string ClientId;
+};
+
+struct ZenAuthConfig
+{
+ std::vector<ZenOpenIdProviderConfig> OpenIdProviders;
+};
+
struct ZenServerOptions
{
ZenUpstreamCacheConfig UpstreamCacheConfig;
ZenGcConfig GcConfig;
+ ZenAuthConfig AuthConfig;
std::filesystem::path DataDir; // Root directory for state (used for testing)
std::filesystem::path ContentDir; // Root directory for serving frontend content (experimental)
std::filesystem::path AbsLogFile; // Absolute path to main log file
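Review bot: The new ZenOpenIdProviderConfig and ZenAuthConfig structs carry no field comments, unlike the trailing comments on the ZenServerOptions members just below them; one line each would help, e.g. `std::string Name; // Provider name; token requests select it via their "ProviderName" field ("Default" when omitted)`, `std::string Url; // Provider URL` and `std::string ClientId; // OAuth client ID registered with the provider`. A short comment on ZenAuthConfig::OpenIdProviders saying it is filled from both the command line and the Lua security.openidproviders table and that each entry is passed to AuthMgr::AddOpenIdProvider at startup would document the flow for the next reader.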
diff --git a/zenserver/zenserver.cpp b/zenserver/zenserver.cpp
index 1c94d80b7..97cddabf0 100644
--- a/zenserver/zenserver.cpp
+++ b/zenserver/zenserver.cpp
@@ -236,9 +236,10 @@ public:
.EncryptionKey = AesKey256Bit::FromString(EncryptionKey),
.EncryptionIV = AesIV128Bit::FromString(EncryptionIV)});
- m_AuthMgr->AddOpenIdProvider({.Name = "Okta"sv,
- .Url = "https://epicgames.okta.com/oauth2/auso645ojjWVdRI3d0x7"sv,
- .ClientId = "0oapq1knoglGFqQvr0x7"sv});
+ for (const ZenOpenIdProviderConfig& OpenIdProvider : ServerOptions.AuthConfig.OpenIdProviders)
+ {
+ m_AuthMgr->AddOpenIdProvider({.Name = OpenIdProvider.Name, .Url = OpenIdProvider.Url, .ClientId = OpenIdProvider.ClientId});
+ }
}
m_AuthService = std::make_unique<zen::HttpAuthService>(*m_AuthMgr);
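Review bot: When ServerOptions.AuthConfig.OpenIdProviders is empty the loop registers nothing, and the `"Default"` provider name that HttpAuthService substitutes for token requests without one can never match; a line after the loop such as `if (ServerOptions.AuthConfig.OpenIdProviders.empty()) { ZEN_WARN("no OpenID providers configured"); }` would surface that misconfiguration at startup rather than at the first failed token request. The block closed by the `}` at the end of the hunk opens outside it.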